“This page contains both secure and non-secure items. Do you want to display the non-secure items?”
“This page contains other resources which are not secure. These resources can be viewed by others while in transit, and can be modified by an attacker to change the look of the page.”
Users will not receive an error, the browser will just show a red line through the padlock.
Users will not receive an error, a Yellow Padlock icon will appear when the address bar is clicked.
Troubleshooting Insecure Content
This problem occurs if a web page contains hyperlinks to insecure elements. For example, consider a web page that contains the following HTML snippet:
<a href="http://www.example.com/images/picture.jpg">View my picture</a>
Resolving Insecure Content
To resolve this problem, use either of the following methods.
Method 1: Use relative links
You can use relative links in hyperlink URLs to prevent browsers from displaying warning messages about insecure content. For example, we could rewrite the above HTML snippet as follows:
<a href="/images/picture.jpg">My picture</a>
Because the image file is referenced by a relative link instead of the explicitly insecure http:// URL as above, the browser does not warn users about mixed secure and insecure content.
Note that this only works if the remote site also supports SSL connections. If content can’t be loaded securely, you shouldn’t be loading it, lest you continue to get security warnings.
Method 2: Redirect all requests to SSL connections
An alternative method is to redirect all user requests to SSL connections. Using this method, even if a user specifies a non-secure URL like http://example.com/page.html, they are automatically redirected to https://example.com/page.html.